A vulnerability in the web-based interface of the RUCKUS Cloudpath product on version 5.12 build 5538 or before to could allow a remote, unauthenticated attacker to execute persistent XSS and CSRF attacks against a user of the admin management interface. A successful attack, combined with a certain admin activity, could allow the attacker to gain full admin privileges on the exploited system.
References
Link | Resource |
---|---|
http://ruckus.com | Not Applicable |
https://github.com/harry935/CVE-2023-45992 | Exploit Third Party Advisory |
https://server.cloudpath/ | Broken Link |
https://server.cloudpath/admin/enrollmentData/ | Broken Link |
https://support.ruckuswireless.com/security_bulletins/322 | Vendor Advisory |
Configurations
History
12 Jan 2024, 20:50
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:commscope:ruckus_cloudpath_enrollment_system:*:*:*:*:*:*:*:* | |
First Time |
Commscope ruckus Cloudpath Enrollment System
|
31 Oct 2023, 21:15
Type | Values Removed | Values Added |
---|---|---|
Summary | A vulnerability in the web-based interface of the RUCKUS Cloudpath product on version 5.12 build 5538 or before to could allow a remote, unauthenticated attacker to execute persistent XSS and CSRF attacks against a user of the admin management interface. A successful attack, combined with a certain admin activity, could allow the attacker to gain full admin privileges on the exploited system. |
25 Oct 2023, 20:22
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://github.com/harry935/CVE-2023-45992 - Exploit, Third Party Advisory | |
References | (MISC) https://server.cloudpath/ - Broken Link | |
References | (MISC) https://server.cloudpath/admin/enrollmentData/ - Broken Link | |
References | (MISC) http://ruckus.com - Not Applicable | |
References | (MISC) https://support.ruckuswireless.com/security_bulletins/322 - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.6 |
CPE | cpe:2.3:a:commscope:ruckus_cloudpath:5.12.54414:*:*:*:*:*:*:* | |
CWE | CWE-352 CWE-79 |
|
First Time |
Commscope
Commscope ruckus Cloudpath |
19 Oct 2023, 19:36
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-10-19 19:15
Updated : 2024-02-28 20:33
NVD link : CVE-2023-45992
Mitre link : CVE-2023-45992
CVE.ORG link : CVE-2023-45992
JSON object : View
Products Affected
commscope
- ruckus_cloudpath_enrollment_system